Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Preferences
Contact Us
Feedback
AWS Documentation
Create an AWS Account

Enabling Autonomous Ransomware Protection

PDF
RSS
Focus mode
Enabling Autonomous Ransomware Protection - FSx for ONTAP

The following procedures explain how to use the ONTAP CLI to enable Autonomous Ransomware Protection (ARP) in learning mode and active mode as well as how to verify that ARP is enabled. For more information about ARP, see How ARP works.

To enable ARP in learning mode on an existing volume using the ONTAP CLI

  • Run the following command. Replace vol_name and svm_name with your own information. 

    security anti-ransomware volume dry-run -volume vol_name -vserver svm_name

    For more information about this command, see security anti-ransomware volume dry-run in the NetApp documentation center.

    Note

    Learning mode only applies to newly written data. Existing data isn't scanned or analyzed. Normal data traffic behaviors are determined based on the new data that's written after ARP is enabled on the volume.

To enable ARP in learning mode on a new volume using the ONTAP CLI

  • Run the following command. Replace vol_name, svm_name, size, and /path_name with your information.

    volume create -volume vol_name -vserver svm_name -aggregate aggr_name -size size -anti-ransomware-state dry-run -junction-path /path_name

    For more information about this command, see volume create in the NetApp documentation center.

To enable ARP in learning mode on an existing volume using the ONTAP CLI

  • Run the following command. Replace vol_name and svm_name with your own information. 

    security anti-ransomware volume dry-run -volume vol_name -vserver svm_name

    For more information about this command, see security anti-ransomware volume dry-run in the NetApp documentation center.

    Note

    Learning mode only applies to newly written data. Existing data isn't scanned or analyzed. Normal data traffic behaviors are determined based on the new data that's written after ARP is enabled on the volume.

To enable ARP in learning mode on a new volume using the ONTAP CLI

  • Run the following command. Replace vol_name, svm_name, size, and /path_name with your information.

    volume create -volume vol_name -vserver svm_name -aggregate aggr_name -size size -anti-ransomware-state dry-run -junction-path /path_name

    For more information about this command, see volume create in the NetApp documentation center.

To enable ARP in active mode on an existing volume using the ONTAP CLI

  • Run the following command. Replace vol_name and svm_name with your own information. 

    security anti-ransomware volume enable -volume vol_name -vserver svm_name

    For more information about this command, see security anti-ransomware volume enable in the NetApp documentation center.

    Note

    We recommend keeping a volume in learning mode for a minimum of 30 days before converting to active mode. ARP automatically determines the optimal learning period and switches from learning mode when ready. This process might occur in less than 30 days.

To enable ARP in active mode on an existing volume using the ONTAP CLI

  • Run the following command. Replace vol_name and svm_name with your own information. 

    security anti-ransomware volume enable -volume vol_name -vserver svm_name

    For more information about this command, see security anti-ransomware volume enable in the NetApp documentation center.

    Note

    We recommend keeping a volume in learning mode for a minimum of 30 days before converting to active mode. ARP automatically determines the optimal learning period and switches from learning mode when ready. This process might occur in less than 30 days.

To enable ARP by default on an existing SVM using the ONTAP CLI

  • Run the following command. Replace svm_name with your own information. 

    vserver modify -vserver svm_name -anti-ransomware-default-volume-state dry-run

    For more information about this command, see vserver modify in the NetApp documentation center.

To enable ARP by default on an existing SVM using the ONTAP CLI

  • Run the following command. Replace svm_name with your own information. 

    vserver modify -vserver svm_name -anti-ransomware-default-volume-state dry-run

    For more information about this command, see vserver modify in the NetApp documentation center.

To verify the status of ARP using the ONTAP CLI

  • Run the following command. 

    security anti-ransomware volume show

    For more information about this command, see security anti-ransomware volume show in the NetApp documentation center.

To verify the status of ARP using the ONTAP CLI

  • Run the following command. 

    security anti-ransomware volume show

    For more information about this command, see security anti-ransomware volume show in the NetApp documentation center.

You can temporarily suspend (and then resume) ARP if you're anticipating heavy workload events. For more information, see Pause ONTAP Autonomous Ransomware Protection to exclude workload events from analysis in the NetApp Documentation Center.

PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.